• Supervised iOS devices using personal Apple IDs are unable to generate an Activation Lock Bypass Code through XenMobile.

• When triggering the ASM Activation Lock, the response shows:

   

  FAILED (Activation lock of the device failed for unexpected reason. If retry fails, the client should contact Apple support.)

• Organization-managed Apple IDs (via Apple Business Manager) can have Activation Lock applied and bypass codes generated through XenMobile.

• Attempts to enable organization-linked Activation Lock on devices bound to personal Apple IDs are incompatible and fail.

This behavior is controlled by Apple iOS policies. Citrix XenMobile cannot override Activation Lock restrictions on devices using personal Apple IDs.

Apple restricts modifications to Activation Lock for devices linked to a personal Apple ID. XenMobile cannot alter this behavior, as it is enforced by iOS security policies.

• Acknowledge that devices using personal Apple IDs cannot have Activation Lock behavior managed via XenMobile.
• For mass deployment, consider using organization-managed Apple IDs (via Apple Business Manager) to enable automated Activation Lock policies.
• If devices are already enrolled with personal Apple IDs and Activation Lock needs to be managed, the only current workaround is to manually turn off Activation Lock in Apple Business Manager, then apply XenMobile Activation Lock actions.
• Communicate to end-users that this limitation is due to Apple policies, not XenMobile functionality.

Supervised Apple iOS devices are unable to create Activation Lock Bypass Code. When trying to trigger creation an error occurs. ASM activation lock response : FAILED (Activation lock of the device failed for unexpected reason. If retry fails, the client should contact Apple support.) Already contacted Apple support. They told me that Activation Lock Bypass Code is an MDM provider specific feature.

Devices using personal Apple IDs cannot have the Activation Lock behavior changed via XenMobile. This is an Apple-enforced limitation and not configurable from the XenMobile side.